With scientific and technological progress, a fingerprint recognition technology is gradually integrated into a computer technology. Fingerprint applications on an existing mobile terminal generally include security-related applications and non-security-related applications. Examples of the security-related applications are fingerprint-based payment applications. The non-security-related applications are applications such as piano playing or font adjustment. There may be two execution environments on the existing mobile terminal, such as a rich execution environment (REE) and a trusted execution environment (TEE). Each execution environment includes an application, an operating system (OS), a driver module, and the like. (1) An OS included in the REE is a rich operating system (Rich OS) (optionally, the operating system is configured to generate and maintain a standard runtime environment, and is an operating system that has a strong processing capability and a multimedia function), such as an Android operating system. An application included in the REE is a client application (CA). (2) An OS included in the TEE is a trusted operating system (Trusted OS) (optionally, the operating system is configured to generate and maintain a secure runtime environment, and is a trusted operating system that has a secure processing capability and that provides a secure peripheral operation). An application included in the TEE is a trusted application (TA). The Trusted OS and the Rich OS are operating systems coexisting on the mobile terminal. Software and hardware resources of the Trusted OS are isolated from those of the Rich OS. In addition, the Trusted OS may provide a security service for the Rich OS. The CA may establish a session connection with the TA in the TEE by using a system switchover interface (such as a TEE client interface or a TEE function interface) (the system switchover interface is configured to provide a channel for establishing the session connection with the TA by the CA). The TA running in the Trusted OS that is isolated from the Rich OS may provide a related security function for the CA in the REE or another TA in the TEE, so as to prevent an attack of software/malicious software.
In the prior art, a fingerprint verification function is integrated into the TEE to ensure security of fingerprint information. Therefore, when fingerprint verification needs to be performed for any CA running in the Rich OS on the mobile terminal, switchover to the TEE needs to be first performed by using the system switchover interface (such as the TEE client interface), and a session connection needs to be established with a TA in the TEE. Further, the TA invokes a TEE fingerprint interface (such as a TEE FingerPrint API) for fingerprint verification.
It can be learned that, at present, fingerprint verification can be performed only in a secure runtime environment in the prior art, and a verification manner is monotonous.